When sending AFCA information, AFCA asks that members redact or otherwise remove the following sensitive information:
- Tax File Numbers (TFNs)
Tax File Numbers must be redacted for legal compliance reasons, and failure to do so can lead to heavy fines by the Office of the Australian Commissioner and/or under tax rules.
- Government-related identifiers (GRIs)
The Privacy Act provides that AAP entities must not adopt, use, or disclose GRIs such as Medicare numbers and driver's license numbers unless an exception applies. An exception applicable to complaint handling is where the GRI is required for identification purposes in a fraud complaint. Unless an exception applies, we ask for members to redact any GRIs.
- Credit card numbers
In line with the Payment Card Industry Data Security Standard (PCI DSS) we ask that members only provide the last four numbers from the 16-digit string of a credit card number.
Failure to meet responsibilities under the Privacy Act carries serious legal implications and financial penalties. Accordingly, from 1 December 2021, AFCA will not be accepting unredacted information relating to TFNs, GRIs and credit card numbers.
AFCA’s publishes revised Privacy Policy
AFCA recently published a revised version of its Privacy Policy, which explains why privacy is important to our interactions with complainants and members.
The policy also reflects our strong commitment to privacy and outlines how AFCA looks after and secures the information we collect during the external dispute resolution process.
